Recently, Google has published a research regarding the “security questions” as a two-factor authenticating method for user’s online accounts.
According to their study, it seems that the security questions aren’t as efficient as we might think.
First of all, because questions like “What’s the name of your first pet” usually have answers that can be guessed in less than 10 tries. Moreover, it seems that people don’t actually have an “established” favorite movie, song or actor, so in 40% of cases, users forget their own security answers. Also, because of these facts, adding more security questions to an account isn’t that good of an idea.
Google’s solution for protecting the online accounts is the implementation of 2-factor authentication solutions such as tokens or SMS.
More details on the official research published on Google Online Security Blog